| < Free Open Study > |
|
The control/rcpthosts file specifies the hosts for which qmail-smtpd will accept messages (unless RELAYCLIENT is set to allow relaying). However, qmail-smtpd does not attempt to validate the recipient. If an invalid recipient is specified, qmail-send will generate a bounce message. This is often a problem for simplistic open-relay testing programs that wrongly assume successful SMTP injection means successful delivery.
For example, a common relay test is to send a message to recipient%testhost@yourdomain, which relies on the Sendmail percent hack: stripping @yourdomain, replacing the % with @, resulting in recipient@testhost, and reinjecting the message to the new address.
With qmail, unless the control/percenthack file is in use, such a test merely tries to deliver a message to the local mailbox recipient%testhost, which probably doesn't exist. The result is a bounce message sent to the return address specified by the relay tester.
| < Free Open Study > |
|